[PATCH] fixed #2365

Gbp-Pq: Name CVE-2023-23145.patch

diff --git a/src/laser/lsr_dec.c b/src/laser/lsr_dec.c
index 1c1a6a6d6c8d4296ca9d0a2e8e813245c70dc88d..9321b53c3b978ed1a0a451a28eeb3f3e0a62e3ce 100644 (file)
--- a/src/laser/lsr_dec.c
+++ b/src/laser/lsr_dec.c
@@ -1483,8 +1483,8 @@ static void lsr_read_rare_full(GF_LASeRCodec *lsr, GF_Node *n)
                        } else {
                                da->type=SVG_STROKEDASHARRAY_ARRAY;
                                da->array.count = lsr_read_vluimsbf5(lsr, "len");
-                               da->array.vals = (Fixed*)gf_malloc(sizeof(Fixed)*da->array.count);
-                               da->array.units = (u8*)gf_malloc(sizeof(u8)*da->array.count);
+                                da->array.vals = (Fixed*)gf_realloc(da->array.vals, sizeof(Fixed)*da->array.count);
+                                da->array.units = (u8*)gf_realloc(da->array.units, sizeof(u8)*da->array.count);
                                for (j=0; j<da->array.count; j++) {
                                        da->array.vals[j] = lsr_read_fixed_16_8(lsr, "dash");
                                        da->array.units[j] = 0;